The wrong way to stop online piracy

By CHRIS BRONK

Updated
3:19 pm CST, Friday, December 9, 2011

Image
1of/1

Caption

Close

Image 1 of 1

The wrong way to stop online piracy

1 / 1

Back to Gallery

Intellectual property (IP) is the lifeblood of post-industrial economies, including our own. From architectural diagrams and business plans to engineering schematics and pop songs, intellectual products of human beings are among the most valuable assets on the planet. In the past 20 years, creation of IP has almost entirely shifted to computer.

Increasingly, however, anything having to do with computers also equals vulnerability. Attempts to subvert water systems, including one in South Houston reported on Nov. 20, are only the latest in an ongoing narrative of the engineering failures of the digital age. We must remember that a piece of infrastructure connected to the Internet is vulnerable to attacks launched from just about anywhere.

With such great vulnerability, political leaders have rightly expressed a need to intervene in protecting our cyber infrastructure. Two bills in Congress - the Preventing Online Threats to Economic Creativity and Theft of Intellectual Property (PROTECT IP) Act and the Stop Online Piracy Act (SOPA), the latter sponsored by U.S. Rep. Lamar Smith, R-San Antonio - aim to do just that. These bipartisan bills, a rarity in our current legislative climate, would endow the U.S. Department of Justice with the power to blacklist foreign web sites used to distribute digital products in violation of U.S. law, and remove from Internet searches links to such items on the web.

As a producer of intellectual works, I am familiar with copyright infringement and digital theft. In the 1990s, I managed the development of software for export. After a large envelope from the FBI showed up on my desk containing bootleg copies of our software found in Hong Kong in 1998, our Asian revenues dropped to almost nothing. Lesson taught: The cost to copy almost anything in digital form is essentially zero. Stretched thin, the U.S. government could do little to help.

Despite this experience, I don't support the bills. They represent yet another attempt to legislate away the problem of digital theft with little knowledge of how the Internet, computing or even innovation works. The lobbies of the movie and recording industry have fanned the flames of fear held in other industries of digital espionage, and produced legislation that will protect their narrow interests while doing little to actually secure the innovations of pharmaceutical, energy, defense and information technology companies.

Fears of IP theft are valid. At a recent FBI-led counterintelligence working group meeting dedicated to the problem of economic espionage, we discussed at length the very real problem of U.S.-sponsored R&D being stolen by foreign operatives via the Internet. U.S. firms are essentially one good breach away from being out of business. This is a problem in need of solution. Lamentably, neither SOPA nor PROTECT IP provides one.

Worse, provisions in the bills would actually serve to derail nearly a decade's worth of security research and engineering undertaken in partnership between the U.S. government and private companies. PROTECT IP and SOPA offer instructions as to how the domain name system (DNS) that serves as the distributed architecture of the Internet is to be tweaked by the U.S. government, walling off the U.S. from foreign digital thieves. In doing so, the bills essentially outlaw security enhancements to DNS (DNSSEC), which would protect online identity and enhance trust between actors online.

The powers proposed in SOPA and PROTECT IP do not secure the Internet or protect the overwhelming number of U.S. companies, from tech startups to law firms, with IP concerns. Yes, Congress needs to think about how government and industry must cooperate on protecting IP, but it needs to do so in a manner that accepts technological reality and embraces the innovative, entrepreneurial nature of the Internet ecosystem.

A simpler, better idea: Locate the funds to hire 50 additional FBI cyber agents able to serve as legal attachés in foreign countries, prosecuting the most egregious IP violators under current law.